Earlier today, stories were hitting the web that Ubisoft's DRM installed a browser plug-in that contained a backdoor. Ubisoft acted quickly and has released a patch to fix the security hole as it turns out that the backdoor was an accident and was in no way meant to be there, or at least not exploitable as it was.
Tavis Ormandy, a Google security engineer, found the backdoor and wrote about it on the Seclists.org mailing list on Sunday. Mr. Ormandy went as far as to post a few lines of Javascript as an untested proof of concept. This morning, the story made it onto Hacker News along with a working proof of concept.
The list of games which come with Uplay, and the vulnerability, are as follows:
Assassin's Creed II
Assassin's Creed: Brotherhood
Assassin's Creed: Project Legacy
Assassin's Creed Revelations
Assassin's Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy's H.A.W.X. 2
Tom Clancy's Ghost Recon: Future Soldier
Tom Clancy's Splinter Cell: Conviction
Your Shape: Fitness Evolved
Ubisoft has issued a statement regarding the vulnerability. They say that a patch has been provided and is a forced patch. It's important to update now that the proof of concept has been released. The statement is below for your viewing pleasure:
We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.
Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.
Ubisoft grows increasingly vulnerable to a buyout or takeover
Microsoft lays out terms of new Ubisoft Divestment Agreement to UK regulators
Ubisoft hesitant to confirm unannounced games as it weighs strategic and capitalistic options
Denuvo Anti-Tamper DRM creators want to prove it doesn't impact performance in PC games
Dragon Age: The Veilguard won't have DRM protection, Denuvo or otherwise
PlayStation Portal's latest update adds over 50 classics to its cloud gaming library
Tim Cook should handle the Apple Intelligence crisis like Steve Jobs handled Antennagate
Ex-Facebook director says Zuckerberg used to forget his passport and 'blame everyone else'
Cloud Gaming is Xbox's 'fastest growing' platform - and new devices are on the way
Taiwan worried over TSMC-Trump deal and US 'tech transfer': Taiwan will lose its chip dominance
SAPPHIRE Radeon RX 9070 XT NITRO+ Review - RDNA 4's Most Impressive GPU
TeamGroup T-Force GC Pro 2TB SSD Review - 13,000 MB/s on the Cheap
MSI GeForce RTX 5070 GAMING TRIO OC Review - Fantastic OC Performance
XPG Valor Air Plus Mid-Tower Chassis Review
AMD Ryzen 9 9950X3D Review - The all-round X3D chip we've been waiting for
MSI MPG 321CURX Gaming Monitor Review - Peak PC Gaming for $999
Galaxy Quest (1999) 4K Blu-ray Review
LaCie Rugged SSD Pro5 2TB - A First of its Kind Masterpiece
ASUS PRIME GeForce RTX 5070 Ti OC Edition Review
GIGABYTE Radeon RX 9070 GAMING OC Review - Fantastic Performance, Questionable Value
GIGABYTE's AMD B850 Motherboards Are All PCIe 5.0 Supported and Ready to Unleash Full Potential
MSI B850 & X870/X870E motherboards unlock AMD Ryzen's full potential with DIY-friendly features
Why your next work laptop should be a Venom BlackBook Zero 14 Phantom
ADATA's Lancer CUDIMM ARGB Memory Introduces a New Horizon of Speed
Cooler Master's new MasterFrame Series is set to change how we build PCs